Denys Vlasenko
bf18239e3d
blkid: make it NOEXEC, make FEATURE_BLKID_TYPE=y default
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:16:28 +02:00
Denys Vlasenko
86e07f6893
brctl: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:14:02 +02:00
Denys Vlasenko
ed7d118dd0
adjtimex: make it NOFORK
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:00:21 +02:00
Denys Vlasenko
a894a4bedd
raidautorun: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 19:08:46 +02:00
Denys Vlasenko
1b280e4652
loadfont,setfont: make them NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 19:05:45 +02:00
Denys Vlasenko
5cb907fffc
setconsole: make it NOEXEC
...
BTW, I failed to make it do what it meant to do.
ioctl appears to succeed, but kernel's output is not coming
to the specified console (tried on VT consoles too).
OTOH, setlogcons does work...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:56:25 +02:00
Denys Vlasenko
b83db4ddae
setkeycodes: make it NOEXEC, better --help text
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:29:25 +02:00
Denys Vlasenko
341ce0a31e
setlogcons: make it NOEXEC, better --help text
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:17:58 +02:00
Denys Vlasenko
97b738d359
setserial: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:06:46 +02:00
Denys Vlasenko
2262746e2b
slattach: code shrink, better --help text
...
function old new delta
tcsetattr_serial_or_warn - 34 +34
static.int_N_SLIP - 4 +4
restore_state_and_exit 123 117 -6
packed_usage 31774 31747 -27
set_termios_state_or_warn 42 - -42
slattach_main 673 624 -49
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 0/3 up/down: 38/-124) Total: -86 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 17:14:09 +02:00
Denys Vlasenko
a759b22c29
nameif: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 14:15:24 +02:00
Denys Vlasenko
9a58cc0f7f
tunctl: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 12:28:00 +02:00
Denys Vlasenko
3239ab89c9
lspci,lsscsi,lsusb: make them NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 23:28:19 +02:00
Denys Vlasenko
83a6c8d58b
umount: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 23:21:02 +02:00
Denys Vlasenko
00c1811d87
pstree: make it NOEXEC
...
While at it, documet why ps can't be NOEXEC.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 22:25:00 +02:00
Denys Vlasenko
99125c0495
chattr,lsattr,tune2fs: make them NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 20:38:04 +02:00
Denys Vlasenko
caf26b36f3
sysctl: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 18:23:10 +02:00
Denys Vlasenko
feb79e8742
cryptpw, mkpasswd: make them NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 02:08:23 +02:00
Denys Vlasenko
ff53bee723
chvt, deallocvt, dumpkmap, fgconsole, loadkmap: make them NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 02:02:31 +02:00
Denys Vlasenko
fdb92359e4
pivot_root: make it NOFORK
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:51:12 +02:00
Denys Vlasenko
9c49d6e11b
partprobe: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:46:39 +02:00
Denys Vlasenko
a453ca576f
sv, svc: make them NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:42:08 +02:00
Denys Vlasenko
9f59849daa
blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:29:12 +02:00
Denys Vlasenko
692eeb81a4
stty: make in NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 20:07:19 +02:00
Denys Vlasenko
5c527dc57e
make 17 state-changing execing applets (ex: "nice PROG ARGS") noexec
...
The applets with "<applet> [opts] PROG ARGS" API very quickly exec
another program, noexec is okay for them:
chpst/envdir/envuidgid/softlimit/setuidgid
chroot
chrt
ionice
nice
nohup
setarch/linux32/linux64
taskset
cttyhack
"reset" and "sulogin" applets don't have this form, but also exec
another program at once, thus made noexec too.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:55:01 +02:00
Denys Vlasenko
6514785f95
mesg: make in NOFORK
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:16:01 +02:00
Denys Vlasenko
947b2391c0
pmap: tweak help text, show usage if no params are given
...
Noticed while auditing nofork/noexec status
function old new delta
pmap_main 70 80 +10
packed_usage 31747 31744 -3
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 18:37:34 +02:00
Denys Vlasenko
83d7785e41
runlevel: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:59:46 +02:00
Denys Vlasenko
6bec24c4f5
mktemp: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:39:05 +02:00
Denys Vlasenko
74c05f5b2c
chat: trim help text
...
Noticed while auditing nofork/noexec status
function old new delta
packed_usage 31777 31747 -30
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:36:16 +02:00
Denys Vlasenko
7f9d62d7f5
tweak NOFORK_NOEXEC.lst
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 16:01:39 +02:00
Denys Vlasenko
49e6bf2db9
sheel: improve comments on signal handling
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 14:28:16 +02:00
Denys Vlasenko
3346b4afc5
modutils: make them NOEXEC except depmod
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 02:56:39 +02:00
Denys Vlasenko
72d725d7cc
getopt: make it NOEXEC
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:30:21 +02:00
Denys Vlasenko
39194f0309
new NOFORKs: pwdx,kill[all5],ttysize,realpath,readlink NOEXECs: date,resize
...
function old new delta
run_nofork_applet 258 280 +22
readlink_main 112 123 +11
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 33/0) Total: 33 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:03:32 +02:00
Denys Vlasenko
819b47aa35
new NOFORKs: clear, nproc, tty, uname, arch, unlink, which
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 03:29:32 +02:00